netbox-plugin-auth-saml2
netbox-plugin-auth-saml2 copied to clipboard
jeremyschulman
Questions about CUSTOM_ATTR_BACKEND not working properly
Could anyone help me on this issue?
My configuration for CUSTOM_ATTR_BACKEND doesn't work for some reasons. Once I login using Saml, the login account doesn't have firstname, lastname and groups.
This is my config for saml plugin.
PLUGINS = ["django3_saml2_nbplugin"]
REMOTE_AUTH_BACKEND = "netbox.authentication.RemoteUserBackend"
PLUGINS_CONFIG = {
"django3_saml2_nbplugin": {
# Use the Netbox default remote backend
"AUTHENTICATION_BACKEND": REMOTE_AUTH_BACKEND,
# Populates the Issuer element in authn reques e.g defined as "Audience URI (SP Entity ID)" in SSO
"ENTITY_ID": "903188",
# Custom URL to validate incoming SAML requests against
"ASSERTION_URL": "https://localhost.test.com",
# ACS URL
# or local file path
"METADATA_LOCAL_FILE_PATH": "/etc/netbox/config/saml2_uat.xml",
# Settings for SAML2CustomAttrUserBackend. Optional.
"CUSTOM_ATTR_BACKEND": {
# Attribute containing the username. Optional.
'USERNAME_ATTR': 'Email',
# Attribute containing the user's email. Optional.
'MAIL_ATTR': 'Email',
# Attribute containing the user's first name. Optional.
'FIRST_NAME_ATTR': 'FirstName',
# Attribute containing the user's last name. Optional.
'LAST_NAME_ATTR': 'LastName',
# Set to True to always update the user on logon
# from SAML attributes on logon. Defaults to False.
'ALWAYS_UPDATE_USER': False,
# Attribute that contains groups. Optional.
'GROUP_ATTR': 'Groups',
# Dict of user flags to groups.
# If the user is in the group then the flag will be set to True. Optional.
'FLAGS_BY_GROUP': {
'is_staff': '2000004434',
'is_superuser': '2000004434'
},
},
}
}
This is the saml response for Email, FirstName, LastName and Groups.
<saml:Attribute Name="Email">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="FirstName">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>Xun</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LastName">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>Wang</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Groups">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
> 2000004434 </saml:AttributeValue>
</saml:Attribute>
Does anyone know why all the fields in CUSTOM_ATTR_BACKEND don't work?
REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend' ?
(also ensure that REMOTE_AUTH_BACKEND is not set later again in configuration.py)
REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend'?(also ensure that
REMOTE_AUTH_BACKENDis not set later again in configuration.py)
Oh, it works. Thank you so much!
REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend'?(also ensure that
REMOTE_AUTH_BACKENDis not set later again in configuration.py)
This was such a legendary save. I figured it was correctly set since SAML was technically working, but it wouldn't recognize any of the group attributes. You are a godsend, my friend.
